LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Other *NIX Forums > *BSD
User Name
Password
*BSD This forum is for the discussion of all BSD variants.
FreeBSD, OpenBSD, NetBSD, etc.

Notices

Reply
 
Search this Thread
Old 05-05-2008, 05:48 AM   #1
NathanPardoe
LQ Newbie
 
Registered: May 2008
Location: United Kingdom
Distribution: CRUX
Posts: 7

Rep: Reputation: 0
Sendmail 8.14.2 undisclosed DNSBL lookup failure and NOQUEUE errors (FreeBSD 7.0)


Hi everyone,

I've been having a problem for months with Sendmail and DNSBL lookups. DNSBL lookups fail without any output in error logs, even with Sendmail's log level set to 22. Furthermore, NOQUEUE errors occur as per the mail logs. The server runs FreeBSD 7.0, fully up-to-date in terms of the base system and ports. The problem has been present since FreeBSD 6.2, and at the risk of sounding stupid, "seemed to happen overnight without me changing anything". Sendmail details are as follows -

Code:
root@darkweb# sendmail -d0.1
Version 8.14.2
 Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF STARTTLS TCPWRAPPERS USERDB XDEBUG
My hostname.mc file -

Code:
OSTYPE(freebsd6)
DOMAIN(generic)

FEATURE(access_db, `hash -o -T<TMPF> /etc/mail/access')dnl
FEATURE(blacklist_recipients)dnl
FEATURE(greet_pause, `500')dnl Wait half a second before issuing 220 greeting
FEATURE(lookupdotdomain)dnl
FEATURE(mailertable)dnl
FEATURE(masquerade_envelope)dnl
FEATURE(no_default_msa)dnl
FEATURE(nocanonify, `canonify_hosts')dnl
FEATURE(nouucp, 'reject')dnl
FEATURE(redirect)dnl
FEATURE(relay_hosts_only)dnl
FEATURE(smrsh,'/usr/libexec/smrsh')dnl
FEATURE(use_ct_file)dnl
FEATURE(use_cw_file)dnl
FEATURE(virtuser_entire_domain)dnl
FEATURE(virtusertable, `hash -o /etc/mail/virtusertable')dnl

dnl Binding options
DAEMON_OPTIONS(`Name=MSA, Family=inet, Port=submission, M=Ea')dnl
DAEMON_OPTIONS(`Name=MTA, Family=inet, Port=smtp, M=E')dnl
DAEMON_OPTIONS(`Name=MTA-SSL, Family=inet, Port=smtps, M=Es')dnl

dnl Local host names file location
define(`confCT_FILE', `-o /etc/mail/trusted-users')dnl
define(`confCW_FILE', `-o /etc/mail/local-host-names')dnl

dnl Various configuration options
define(`confALIAS_WAIT', `0')dnl
define(`confBAD_RCPT_THROTTLE', `2')dnl
define('confBIND_OPTS', `WorkAroundBrokenAAAA')dnl
define('confCHECK_ALIASES','False')dnl
define(`confCON_EXPENSIVE', `true')dnl
define(`confCONNECTION_RATE_THROTTLE', `2')dnl
define(`confDEF_CHAR_SET', `iso-8859-1')dnl
define('confDELIVERY_MODE','background')dnl
define(`confDIAL_DELAY', `20s')dnl
define(`confDIRECT_SUBMISSION_MODIFIERS', `C')
define(`confDOMAIN_NAME',`darkweb.ticklestix.co.uk')dnl
define('confDONT_EXPAND_CNAMES', 'False')dnl
define('confDONT_PROBE_INTERFACES','True')dnl
define(`confFORWARD_PATH', `')
define(`confMAX_DAEMON_CHILDREN', 20)dnl
define(`confMAX_HOP', `35')dnl
define(`confMAX_MESSAGE_SIZE', `20971520')dnl 20MB attachment limit
define(`confMAX_RCPTS_PER_MESSAGE', `10')dnl
define(`confMILTER_MACROS_ENVRCPT',`b,r,v,Z')dnl
define(`confNO_RCPT_ACTION', `add-to-undisclosed')dnl
define('confPRIVACY_FLAGS', 'authwarnings,noexpn,novrfy,goaway,restrictmailq,restrictqrun,needmailhelo,nobodyreturn')dnl
define(`confQUEUE_LA', `5')dnl
define(`confQUEUE_SORT_ORDER', `Time')dnl
define(`confREFUSE_LA', `12')dnl
define(`confRUN_AS_USER', `root:wheel')
define(`confSEPARATE_PROC', `False')dnl
define(`confSINGLE_LINE_FROM_HEADER', `True')dnl
define(`confSMTP_LOGIN_MSG', `$j TickleStix MTA: $b')dnl
define(`confSUPER_SAFE',`true')dnl
define(`confTO_COMMAND', `1m')dnl
define(`confTO_DATABLOCK', `1m')dnl
define(`confTO_DATAFINAL', `1m')dnl
define(`confTO_DATAINIT', `1m')dnl
define(`confTO_HELO', `2m')dnl
define(`confTO_HOSTSTATUS', `2m')dnl
define(`confTO_ICONNECT', `15s')dnl
define('confTO_IDENT','0s')dnl
define(`confTO_INITIAL', `6m')dnl
define(`confTO_MAIL', `1m')dnl
define(`confTO_MISC', `1m')dnl
define(`confTO_QUIT', `1m')dnl
define(`confTO_RCPT', `1m')dnl
define(`confTO_RSET', `1m')dnl
define(`confTO_STARTTLS', `2m')dnl
define(`confWORK_RECIPIENT_FACTOR', `1000')dnl
define(`confWORK_TIME_FACTOR', `3000')dnl

dnl DNS blacklists
FEATURE(`dnsbl',`bl.spamcop.net', `"554 Rejected: Unsolicited e-mail from " $`'&{client_addr} " has been refused. DNSBL list: SpamCop (bl.spamcop.net)."', `t')dnl
FEATURE(`dnsbl',`zen.spamhaus.org', `554 Rejected: Unsolicited e-mail from " $`'&{client_addr} " has been refused. DNSBL list: Spamhaus (zen.spamhaus.org)."', `t')dnl

dnl Mail filters (Milters)
INPUT_MAIL_FILTER(`clamav-milter',`S=local:/var/run/clamav/clmilter.sock, F=, T=S:4m;R:4m')dnl
INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl

dnl SMTP authentication
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
define(`confAUTH_OPTIONS',`A p y')dnl
define(`confCACERT_PATH', `/usr/local/certs/mail')dnl
define(`confCACERT', `/usr/local/certs/mail/sendmail.pem')dnl
define(`confCLIENT_CERT', `/usr/local/certs/mail/sendmail.pem')dnl
define(`confCLIENT_KEY', `/usr/local/certs/mail/sendmail.pem')dnl
define(`confDONT_BLAME_SENDMAIL', `GroupReadableSASLDBFile')dnl
define(`confRELAY_MSG',`"550 Relaying denied without authentication: Relaying requires authentication over STARTTLS or SSL. Originating sender:" $`'&{client_addr} "."')dnl
define(`confSERVER_CERT', `/usr/local/certs/mail/sendmail.pem')dnl
define(`confSERVER_KEY', `/usr/local/certs/mail/sendmail.pem')dnl
define(`confTLS_SRV_OPTIONS', `V')
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl

dnl Enabling debugging
define(`confLOG_LEVEL', `22')dnl

MAILER(local)dnl
MAILER(smtp)dnl
And an example of the NOQUEUE errors which I cannot resolve -

Code:
May  5 10:49:48 darkweb sm-mta[87963]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon MSA: cannot bind: Address already in use
May  5 10:49:48 darkweb sm-mta[87963]: daemon MSA: problem creating SMTP socket
Disabling all daemons and commenting out mailer entries sees the daemon referred to in NOQUEUE errors change accordingly (i.e. disable MSA --> MTA --> MTA-SSL --> Daemon0 when no user-specified daemons exist). I usually operate with the MAILER(local) entry disabled. Besides this, I've tried every combination of rc.conf sendmail-related options. In use at the moment are -

Code:
# Mail Services
## Core
mta_start_script="/etc/rc.sendmail"
sendmail_pidfile="/var/run/sendmail.pid"
sendmail_procname="/usr/sbin/sendmail"
sendmail_enable="YES"
sendmail_flags="-L sm-mta -bd -q30m"
sendmail_submit_enable="NO"
sendmail_submit_flags="-L sm-mta -bd -q30m -ODaemonPortOptions=Addr=localhost"
sendmail_outbound_enable="YES"
sendmail_outbound_flags="-L sm-queue -q30m"
sendmail_msp_queue_enable="YES"
sendmail_msp_queue_flags="-L sm-msp-queue -Ac -q30m"
sendmail_rebuild_aliases="YES"
## Extras
clamav_clamd_enable="YES"
clamav_freshclam_enable="YES"
clamav_freshclam_flags="--checks=12"
saslauthd_enable="YES"
spamass_milter_enable="YES"
spamd_enable="YES"
As I said, I've tried using only one of the sendmail_*_enable options in turn, using all, using different flags, using the /etc/rc.d/sendmail init script and other things Google has turned up - all to no avail.

Regarding the DNSBL problem, I've tried using a variety of other lists, and tried removing my custom error message. The only thing I can think of that would cause the DNSBL lookups to fail silently is the, "t" option, but this is to prevent lookup timeouts causing spam mail to be received. I can successfully use the dig command to lookup known spam IP addresses. I'm not sure if it is relevant, but the server defaults to using the router for DNS lookups and the local cache otherwise (djbdns), with both processing DNS queries OK.

I apologise if I haven't explained my problem very well. The e-mail server sends and receives e-mail without issue, however, even when the log level is set to the default the NOQUEUE errors are still present. I appreciate the NOQUEUE errors may be of no significance, but the output of '/etc/rc.d/sendmail status' concerns me -

Code:
root@darkweb# /etc/rc.d/sendmail status
sendmail is running as pid 1038.
sendmail_clientmqueue is not running.
The main issue is the DNSBL lookups failing and seemingly all mail is accepted - when DNSBL lookups worked 90% of the spam I receive was dropped.

Thanks for your help in advance. Again, I apologise for any difficulties in understanding the problem, and if the information provided isn't sufficient. Any advice or comments would be of assistance.
 
Old 05-07-2008, 05:39 PM   #2
NathanPardoe
LQ Newbie
 
Registered: May 2008
Location: United Kingdom
Distribution: CRUX
Posts: 7

Original Poster
Rep: Reputation: 0
Bump for assistance.
 
Old 05-20-2008, 08:01 AM   #3
NathanPardoe
LQ Newbie
 
Registered: May 2008
Location: United Kingdom
Distribution: CRUX
Posts: 7

Original Poster
Rep: Reputation: 0
In case it helps anybody, the (simple) fix is at http://daemonforums.org/showpost.php?p=2975&postcount=9.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Host lookup failure with Sendmail MattiasLofgren Slackware 4 05-14-2009 03:00 PM
sendmail NOQUEUE - cluster alias MensaWater Linux - Software 0 08-14-2007 10:59 AM
sendmail and dnsbl cholo Linux - Software 0 11-16-2004 01:02 AM
Sendmail relay denied. PTR or IP lookup failure. Bjorkli Linux - Networking 1 06-09-2004 01:59 PM
sendmail: host name lookup failure GabeF Linux - Networking 3 12-04-2002 08:00 AM


All times are GMT -5. The time now is 07:08 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration